The Hacker News — Cyber Security, Hacking, Technology News

Social media networks are no doubt a quick and powerful way to share information and ideas, but not everything shared on Facebook or Twitter is true.

Misinformation, or "Fake News," has emerged as a primary issue for social media platforms, as it seeks to influence millions of people with propaganda and falsehoods.

In past years, we have seen how political parties and other groups have used spoofed social media profiles of influencers or leaders to spread misinformation, and most of the time such techniques succeed in convincing people that the information is true.

Although social media services like Facebook, Twitter, and Google offer account verification (verified accounts with a blue tick) for public figures, we have seen hackers hijack verified accounts to spread fake news from a legitimate account to its millions of followers.

Now, researchers have uncovered a new, cunning attack technique currently being used by hackers to take over verified Twitter accounts and rename them after influential people in order to spread fake news.

Dubbed DoubleSwitch, the attack begins with a simple account takeover, but the hackers then change the username and display name to those of someone with a large influence on social media.

According to a new report from digital rights group Access Now, hackers are targeting Twitter accounts of journalists, activists, and human rights defenders in Venezuela, Bahrain, and Myanmar, some of which were verified and had a large number of followers.

This attack was discovered when two journalists — Milagros Socorro and Miguel Pizarro, a member of Venezuela's parliament — were hacked and then renamed.

What's creepy? The hacker then registered new accounts, resembling their original profiles, under the original usernames (Twitter handles), but using attacker-controlled email addresses.

This means that every time victims try to recover their accounts using the regular password reset option, the confirmation emails are sent to the hijacker, who pretends that the issue has been resolved, making it almost impossible for the victims to recover their accounts.

Hackers then use the hijacked verified accounts, renamed after another influencer, to feed fake news to the millions of followers of the original accounts.

While it's unclear how the hackers managed to hijack the verified users in the first place, it is believed that the attack begins with malware or phishing attacks.

How DoubleSwitch Attack Works (Illustrated Example)

To illustrate how effective the DoubleSwitch technique is, we have prepared an example below:

The First Switch: Once the account is hacked, the hacker first changes the password and associated email ID, along with the username, let's say to @tim__cook, spoofing Apple's CEO, who is on Twitter as @tim_cook (single underscore).

Hijacked @thehackersnews Account (Impersonates Tim Cook)

Now, the hacker holds a verified account with the name of Apple CEO Tim Cook and can feed misinformation to nearly 370,000 influential followers from the tech industry, and many of them will believe it without realising that the account is hijacked and the tweets from it are fake.

The Second Switch: The hacker creates a new Twitter account with the original username @thehackersnews, which will be available because, once a Twitter account is deactivated, the handle for that account is freed for others to use.

But mind you, this new Twitter account registered with our Twitter handle (@thehackersnews) will not be verified and will have zero followers.

Locking the Legitimate Account Owner Out of its Account

In order to get our account back, if we use the password reset option, Twitter will send the confirmation email only to the attacker's email ID, the one he used to register the new account.

So any attempt by the victim to regain access to its account fails, as the attacker can simply notify Twitter that the issue has been resolved, locking out the legitimate account holder.

Fortunately, Twitter also offers an alternative way, an online form, to report account hacking incidents directly to the Twitter team, which then reviews and investigates the issue to help victims recover their accounts.

Using this method, Access Now helped the journalists regain access to their accounts, but by the time they regained access, some of the original account holder’s tweets were deleted, and the accounts were used to spread the fake news about events in Venezuela, confusing followers and damaging their reputations in the process.

Access Now says the attack can be conducted over Facebook and Instagram as well, but users can protect themselves by enabling the two-factor authentication feature offered by the services.

Two-factor authentication uses two different methods in an attempt to verify a user's identity — a password and a one-time passcode (OTP) sent to the user's mobile phone — which makes it much harder for hackers to compromise an account in the first place.

However, two-factor verification is not an actual solution for the journalists, activists and human rights defenders in countries like Venezuela, as they do not associate their personally-identifiable information like phone numbers with their online accounts in fear of getting spied on.
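The two switches described above leave a recognisable trace in account audit data: a handle is renamed away and a different account claims it shortly afterwards. The following detection sketch is an added example, not code from Access Now, Twitter or the original article; the event schema, account numbers, the `newsdesk` handle and the 24-hour window are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed audit events; the schema and every value are hypothetical.
EVENTS = [
    # First switch: email and handle change on a verified account.
    {"ts": "2017-06-01T10:01:00", "account": 1001, "type": "email_changed"},
    {"ts": "2017-06-01T10:02:00", "account": 1001, "type": "handle_changed",
     "old": "newsdesk", "new": "tim__cook"},
    # Second switch: a different account claims the released handle.
    {"ts": "2017-06-01T10:05:00", "account": 2002, "type": "account_created",
     "handle": "newsdesk"},
    # Benign rename; the old handle is only re-registered eight days later.
    {"ts": "2017-06-02T09:00:00", "account": 3003, "type": "handle_changed",
     "old": "alice_old", "new": "alice_new"},
    {"ts": "2017-06-10T09:00:00", "account": 4004, "type": "account_created",
     "handle": "alice_old"},
]

PROTECTED_HANDLES = {"tim_cook"}  # constructed watch list of verified names


def skeleton(handle):
    """Fold case and runs of underscores, so tim__cook and tim_cook collide."""
    return re.sub(r"_+", "_", handle.lower())


def is_lookalike(handle, protected=PROTECTED_HANDLES):
    """True when a handle is not a protected one but shares its skeleton."""
    return any(handle.lower() != p.lower() and skeleton(handle) == skeleton(p)
               for p in protected)


def find_double_switch(events, window=timedelta(hours=24)):
    """Return one finding per handle that is renamed away and then claimed
    by a different account within `window`."""
    released = {}       # old handle -> (time, renamed account, new handle)
    email_changes = {}  # account -> time of its latest email change
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "email_changed":
            email_changes[ev["account"]] = ts
        elif ev["type"] == "handle_changed":
            released[ev["old"].lower()] = (ts, ev["account"], ev["new"])
        elif ev["type"] == "account_created":
            hit = released.get(ev["handle"].lower())
            if hit is None:
                continue
            renamed_at, victim, new_handle = hit
            if ev["account"] == victim or ts - renamed_at > window:
                continue
            changed = email_changes.get(victim)
            findings.append({
                "victim_account": victim,
                "claimed_by": ev["account"],
                "handle": ev["handle"],
                "renamed_to": new_handle,
                # Email swapped near the rename: resets no longer reach the owner.
                "email_swapped": changed is not None
                                 and abs(renamed_at - changed) <= window,
                "lookalike": is_lookalike(new_handle),
            })
    return findings


if __name__ == "__main__":
    for finding in find_double_switch(EVENTS):
        print(finding)
```

A finding with both `email_swapped` and `lookalike` set is the pattern the article walks through; a rename followed by a late re-registration, like the second pair of events, stays below the threshold.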

It seems like the new American President's Twitter account could easily be hacked due to security blunders he made with the most powerful Twitter account in the world, experts warned.

Days after we got to know that the newly inaugurated President Donald Trump was still using his old, insecure Android smartphone, it has now been revealed that the official @POTUS Twitter account was linked to a private Gmail account.

Since we are already aware of the potential scandal with government officials using outside email systems following the hack of private e-mail servers of Hillary Clinton and George W. Bush, the choice of using private, non-government email address by Trump has raised serious concerns about the security of the White House's closely watched account.

To gain control of the official @POTUS Twitter account, which may or may not be secured with some form of two-factor authentication, all an attacker needs to do is hack the email address associated with the account, which controls the password reset process.

A hacker, @WauchulaGhost, who discovered this issue also reported similar weaknesses in the email linked to the First Lady Melania Trump (@FLOTUS) and VP Mike Pence (@VP), said CNN.

WauchulaGhost, who took down more than 500 ISIS Twitter accounts in the past, said he would not hack the @POTUS Twitter account or Twitter accounts of other White House officials; instead, he just wanted to issue a warning to upgrade the security of these accounts.

Fortunately, all those Twitter accounts had been switched over to the White House-affiliated private email clients by yesterday morning, but so far only Trump's personal Twitter account is apparently protected by two-factor verification, which requires users to enter a one-time passcode sent to their phone.

However, Trump's personal Twitter account still involves some substantial information security risks, since he is still using the insecure device to post messages from the White House, according to numerous reports quoting unnamed White House sources, which could allow malicious actors to gain access to the account through his phone itself.

Trump Press Secretary May Have Just Tweeted His Password, Twice!

Another example of security blunders came yesterday when Press Secretary Sean Spicer is believed to have tweeted his own Twitter password — a particular combination of letters and numbers (n9y25ah7) — by mistake.

And since the email address used for Spicer's Twitter account (@PressSec) was already known, it would have taken just a few seconds to log into it.

Overall, it is not a good start for the nascent Trump administration as far as cyber security is concerned. And if this continues, the new president will be the next target for hackers.

The same group of teenage hackers that hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts has hacked the Twitter account of another high-profile person.

This time, it's Twitter's ex-CEO, Dick Costolo.

The hacker group from Saudi Arabia, dubbed OurMine, compromised the Twitter account of the former Twitter CEO on Sunday and managed to post three tweets on Costolo's Twitter timeline, first spotted by a Recode reporter.

However, the tweets seemed to be just simple-worded tweets with no disturbing content. It looked like the hacking group was testing its access to the account.

All the three tweets in question have since been deleted, and Costolo soon regained access to his account.

Moreover, Twitter also suspended the Twitter account belonging to OurMine once again, after the company already suspended its original account following the Zuckerberg hacks.

After regaining access to his account, Costolo said that the group of hackers managed to post tweets on his timeline without directly compromising his Twitter profile.

Instead, the hackers got access to "an old account from another [third-party] service that cross-posted to Twitter," the Twitter ex-CEO said.

The links included in the tweets indicate that the hackers managed to access Costolo's Pinterest account and then cross-posted to his Twitter timeline, though the group did not reveal how it accessed Costolo's Pinterest account.

Although the group previously hijacked Zuckerberg's account and now that of Twitter's ex-CEO, it claimed that it hacks accounts to teach people to better secure their accounts, according to screenshots of previous OurMine tweets.

The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only the data breaches that have been publicly disclosed by the hacker.

I wonder how many more stolen data sets this Russian hacker, or other hackers, are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that "these usernames and credentials were not obtained by a Twitter data breach" – their "systems have not been breached," but LeakedSource believed that the data leak was the result of malware.

"Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," LeakedSource wrote in its blog post.

But do you remember how Facebook CEO Mark Zuckerberg's Twitter account was compromised?

The hackers obtained Zuck's account credentials from the recent LinkedIn data breach, then cracked his SHA1-hashed password, tried it on several of his social media accounts and successfully hacked Zuckerberg’s Twitter and Pinterest accounts.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remains that hackers may have had their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

In the wake of horrific terror attacks in Paris, the online Hacktivist group Anonymous last week declared "total war" against the Islamic State militant group (ISIS) that claimed responsibility for the attacks.

While French, Russian, and US military are bombing ISIS from the sky, Anonymous members from all over the world are carrying out their very own cyber attack campaign, dubbed #OpParis, against the terrorist organization.

Anonymous has claimed to have taken down 20,000 ISIS-affiliated Twitter accounts in order to take revenge on ISIS for the deadly Paris attacks on November 13.

Anonymous Took Down 20,000 ISIS-affiliated Twitter Accounts

In a YouTube video posted on Wednesday, the group said:

"More than 20,000 Twitter accounts belonging to ISIS were taken down by Anonymous."

The group has provided a list of all the Twitter accounts that have been taken down.

On Tuesday, the hacktivist group claimed to have successfully taken down more than 5,500 pro-ISIS Twitter accounts from the Internet.

In the latest video provided by Anonymous, a spokesman in black behind the group’s signature Guy Fawkes mask said:

"Hello, citizens of the world. We are Anonymous. It is time to realize that social media is a solid platform for ISIS’s communication as well as neutering their ideas of terror amongst youth. However, at the same time, social media has proved it is an advanced weapon. We must all work together and use social media to eliminate the accounts used by terrorists."

Hey ISIS! We Will Hunt you Down from The Internet

ISIS' most interesting aspect is how it leverages the enormous power of social media platforms to radicalize young people, spread its message around the globe, recruit foreign supporters to its fight and shock people into taking notice of its actions.

So, taking down ISIS' social media presence is the real key to defeating the terror group, and at the very least it does make an impact.

"ISIS, we will hunt you and take down your sites, accounts, emails and expose you. From now on, there is no safe place for you online. You will be treated like a virus, and we are the cure," the spokesman said in the video message.

IDIOTS Answer to ISIS

However, on the other side, the terror organization started spreading instructions through its affiliated official channels on Telegram on how to prevent getting hacked by Anonymous. This shows that ISIS knows the capability of Anonymous.

In the past, hackers and organizations associated with Anonymous brought down websites allegedly connected with ISIS and took down thousands of ISIS accounts, disrupting their social media recruitment efforts.

ISIS hackers have hacked tens of thousands of Twitter accounts, including the accounts of the members of CIA and the FBI, in revenge for the US drone strike that killed a British ISIS extremist in August.

The Cyber Caliphate, a hacker group set up by British ISIS member Junaid Hussain, urged its supporters and followers to hack Twitter accounts in order to take revenge for Hussain's death.

Over 54,000 Twitter Accounts Hacked!

As a result, the hackers were able to hack more than 54,000 Twitter accounts. Most of the victims targeted by the jihadis appear to be based in Saudi Arabia, though some of them are British.

One of the victims based in Saudi Arabia, whose Twitter account was compromised by the ISIS extremists, said, "I am horrified at how they got hold of my details."

The extremists not only hacked thousands of Twitter accounts, but they also posted hacked personal information, including phone numbers and passwords, of the heads of:

The Central Intelligence Agency (CIA)

The Federal Bureau of Investigation (FBI)

The United States's National Security Agency

'We Are Back with a BANG'

Hussain was a British hacker who rose to prominence within the Islamic State terrorist group (better known as ISIS) in Syria as a top cyber expert masterminding the ISIS online war before a US drone killed him in August.

After Hussain's death, Cyber Caliphate (@cyber_caliph), which took control of the official Twitter and YouTube accounts of the US military's Central Command (CENTCOM) in January, reappeared on Twitter last Sunday.

"We are back," Cyber Caliphate declared in an opening tweet.

Before its accounts got suspended by Twitter, Cyber Caliphate tweeted a link to the database that contained stolen Twitter accounts, including passwords, although the data could not be verified yet.

The incident came just a day after another hacking group, Crackas With Attitude (CWA), claimed to have gained access to a Law Enforcement Portal that contains arrest records and tools for sharing information about terrorist events and active shooters.

The very popular Pop star Taylor Swift became the latest celebrity to have their social media accounts hacked on Tuesday.

The 25-year-old "Shake It Off" singer, who has the fourth-most popular Twitter account with 51.4 million followers, appeared to be asking her millions of followers to follow @veriuser and @lizzard.

Swift confirmed that her Twitter and Instagram accounts were hacked on Tuesday afternoon, and also that the rogue posts were quickly removed from the social media websites.

"My Twitter got hacked but don't worry, Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords," said a statement posted on Swift's personal Tumblr page.

The accounts were taken over for just 15 minutes, but when they belong to Taylor Swift, that makes it a big hit. At the time, a Tweet went out from @TaylorSwift13 to her millions of fans, saying, "go follow my boy, @lizzard :)"

Yes, the Lizards are the same guys who recently took down Sony's PlayStation game networks, among other things, as the @lizzard profile claimed to be the "Leader of Lizard Squad" — the hacking group that's ostensibly behind this attack.

The hackers not only took over her social media accounts, but also threatened to release nude pictures of Taylor Swift, to which the pop star says "none existed."

"Any hackers saying they have 'nudes'?" Swift tweeted after retaking control of her Twitter account. "Psssh you'd love that wouldn't you! Have fun photo-shopping cause you got NOTHING."

An Instagram photo sent out from Swift's account with over 20 million followers urged her fans to follow another user supposedly involved in the Twitter hack.

Both the Instagram photo and the rogue Tweets from her accounts have vanished. However, @lizzard and @veriuser's Twitter accounts have been suspended by Twitter.

Swift even mimicked the lyrics to her hit "Shake It Off" by tweeting, "Cause the hackers gonna hack, hack, hack, hack, hack ..."

Hacking the fourth-largest profile on Twitter makes this one of the higher-profile breaches to have occurred on the network.

The official Twitter and YouTube accounts for the US military's Central Command (CENTCOM) that oversees operations in Central Asia and the Middle East were hacked on Monday by a hacker group claiming association with Islamic State militant group, also known as ISIS.

The hacker group, which appears to call itself "CyberCaliphate", managed to gain access to the CENTCOM social accounts, and posted some screenshots of documents, allegedly internal CENTCOM documents, with links to what they described as leaked military files.

Meanwhile, the YouTube page of the US military’s Central Command was set to display propaganda videos in support of the terrorist group ISIS.

On Twitter, the group posted a Pastebin message that declared "Pentagon networks hacked. AMERICAN SOLDIERS WE ARE COMING, WATCH YOUR BACK. ISIS. #CyberCaliphate." Originally, a statement posted on pastebin shared by the compromised CENTCOM account reads:

"US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you. You'll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah's permission we are in CENTCOM now. We won't stop! We know everything about you, your wives and children. US soldiers! We're watching you!"

The post also includes a link to a .zip file labeled ‘US Army Files’ and images depicting what appear to be lists of names, addresses and contact information of US Army members, as well as budget documents from last year.

Two videos were uploaded to the Centcom YouTube account supporting ISIS, a Sunni Muslim terrorist group that operates in the same geographic regions as Centcom. The first message posted to the Twitter account was around 9:30 a.m. PST, while the first YouTube videos showed up around an hour later.

Following the hack, both Centcom’s Twitter and YouTube accounts were suspended.

"We can confirm that the Centcom Twitter and YouTube accounts were compromised earlier today," a Central Command spokesperson said. "We are taking appropriate measures to address the matter. We have no further information to provide at this time."

Centcom later called the hack "cybervandalism," saying no classified information was released and none of its internal computer servers was breached. None of the released information was terribly sensitive and there was "no operational impact" on military networks from a hacking incident carried out by people claiming to be working on behalf of the Islamic State of Iraq and the Levant (ISIL). Some of it is readily available on public websites.

The hack came just moments after President Barack Obama concluded an address at the Federal Trade Commission headquarters in Washington, DC, where he announced new proposals aimed at bolstering American cybersecurity after high-profile hacking incidents including one against Sony Pictures Entertainment that U.S. officials blamed on North Korea.

At the beginning of this month, just like other social networks, Twitter also started paying individuals for any flaws they uncover on its service with a fee of $140 or more offered per flaw under its new Bug Bounty program, and here comes the claimant.

An Egyptian security researcher, Ahmed Mohamed Hassan Aboul-Ela, who has been rewarded by many reputed and popular technology giants including Google, Microsoft and Apple, has discovered a critical vulnerability in Twitter’s advertising service that allowed him to delete credit cards from any Twitter account.

FIRST VULNERABILITY

Initially, Aboul-Ela found two different vulnerabilities in ads.twitter.com, but both flaws had the “same effect and impact.” The first flaw exists in the Delete function for credit cards on the payment methods page, https://ads.twitter.com/accounts/[account id]/payment_methods

Choosing the Delete this card function sends an AJAX POST request to the server. The POST parameters sent in the request body are:

Account: the Twitter account ID

ID: the credit card ID, which is numerical without any alphabetic characters

“All I had to do is to change those two parameters to my other twitter account id and credit card id, then replay the request again and I suddenly found that the credit card had been deleted from the other twitter account without any required interaction,” Aboul-Ela wrote.

The page response was “403 Forbidden”, but the credit card was actually deleted from the account.

SECOND VULNERABILITY

Aboul-Ela found another similar flaw in ads.twitter.com, but according to him, the impact of this vulnerability was higher than that of the previous one.

When he tried to add an invalid credit card to his Twitter account, it displayed the error message “We were unable to approve the card you entered” and showed a “Dismiss” button. When he clicked the button, the credit card disappeared from his account.

“I thought it had the same effect as deleting, so I tried to add an invalid credit card again and intercepted the request,” he said.

Unlike the first vulnerability, the account parameter doesn’t exist here; only the credit card ID is used. He modified the credit card ID in the URL and body to the ID of his credit card from his other Twitter account and then replayed the request.

Guess what? The credit card got deleted from the other Twitter account. Aboul-Ela has also provided a video demonstration as a proof-of-concept for the vulnerability he discovered.

IMPACT OF VULNERABILITY

The vulnerability could hit Twitter hard financially because it could be exploited easily by writing simple Python code or using a simple for loop over the 6 numbers. Using it, a bad actor could delete all credit cards from all Twitter accounts, resulting in “halting all the twitter ads campaigns and incur big financial loss for Twitter.”

“The impact of the vulnerability was very critical and high because all that’s needed to delete a credit card is to have the credit card identifier, which consists only of 6 numbers such as ‘220152’,” said Aboul-Ela.
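Both flaws come down to the server acting on a client-supplied object identifier without checking it against the authenticated session. The sketch below is an added example, not Twitter's code: it places a handler that behaves the way the report describes (the card is removed even though the response is 403) beside a hardened one. The in-memory card table, account names and function names are hypothetical, and the ordering bug in the first handler is an assumed cause chosen to reproduce the reported behaviour.

```python
import secrets


def make_store():
    """Constructed card table: card id -> owning ads account (hypothetical)."""
    return {"220152": "acct_alice", "220153": "acct_bob"}


def new_card_id():
    """Unguessable identifier instead of a six-digit number. This is defence
    in depth only; the authorisation check below is the actual fix."""
    return secrets.token_urlsafe(16)


def delete_card_vulnerable(store, session_account, account_param, card_id):
    """Trusts the account id from the request body and deletes before it
    authorises, so the caller sees 403 while the card is already gone."""
    if store.get(card_id) == account_param:   # checked against request data only
        del store[card_id]                    # side effect happens first
    if account_param != session_account:      # authorisation arrives too late
        return 403
    return 200


def delete_card_hardened(store, session_account, card_id):
    """Takes the account from the authenticated session, never from the
    request, and authorises before any state change."""
    owner = store.get(card_id)
    if owner is None or owner != session_account:
        # Same answer for "no such card" and "not your card", so the
        # response cannot be used to learn which identifiers exist.
        return 404
    del store[card_id]
    return 200


def demo():
    """Replay the cross-account request against both handlers."""
    weak, strong = make_store(), make_store()
    weak_status = delete_card_vulnerable(weak, "acct_bob", "acct_alice", "220152")
    strong_status = delete_card_hardened(strong, "acct_bob", "220152")
    return {
        "vulnerable": (weak_status, "220152" in weak),
        "hardened": (strong_status, "220152" in strong),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler has no account parameter at all, which also covers the second flaw, where only the card identifier was sent.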

The popular social media site Twitter is rolling out a couple of new features to its login process to help users protect their accounts more securely and restore access to their accounts if they forget their password.

To tighten up its security measures, Twitter is launching two factor authentication in its new password reset experience, making it easier for users to reset their passwords and at the same time more difficult for cybercriminals to log in to users’ accounts.

"The new process lets you choose the email address or phone number associated with your account where you'd like us to send your reset information. That way, whether you've recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options," Twitter said in a blogpost on Thursday.

RESET TWITTER PASSWORD WITH SMS

This new experience will let Twitter users enable password resets via SMS; all they need to do is register their mobile number with their account. If they've forgotten their password, they'll need to go to the standard 'Forgot password?' page and enter their mobile number or username.

Twitter will then text a six digit code that is valid only for 15 minutes, which the user has to enter on a web page before being prompted to choose a new password for their account. This SMS-based feature is the same that Google has enabled in its Gmail email service since 2009.

But if users do not receive a code, they should review the SMS troubleshooting page or use the email password reset option.
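A six-digit code has only a million possible values, so the 15-minute lifetime protects the reset only if guesses are also limited. The following is an added example of how such a code can be issued and checked, not Twitter's implementation; the class name, the five-attempt limit and the single-use rule are assumptions that the article does not state.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60   # from the article: the code is valid for 15 minutes
MAX_ATTEMPTS = 5             # assumption: the article gives no attempt limit


class ResetCodes:
    """Issues and verifies one pending SMS reset code per account."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # account -> [code, expires_at, attempts_left]

    def issue(self, account):
        """Create a fresh code; any earlier code for the account is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"   # uniform, keeps leading zeros
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [code, expires_at, MAX_ATTEMPTS]
        return code              # handed to the SMS gateway, not logged

    def verify(self, account, candidate):
        """Return True once for the right code; False in every other case."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[account]
            return False
        entry[2] = attempts_left - 1
        # Constant-time comparison on bytes; accepts any string input.
        if hmac.compare_digest(code.encode(), str(candidate).encode()):
            del self._pending[account]   # single use
            return True
        if entry[2] == 0:
            del self._pending[account]   # locked out: a new code must be issued
        return False


if __name__ == "__main__":
    codes = ResetCodes()
    sent = codes.issue("example_user")   # constructed account name
    print(codes.verify("example_user", sent))
```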

SUSPICIOUS LOGIN NOTIFICATION

Along with the new password reset experience, Twitter has also introduced enhanced user identification processes to identify and block suspicious logins in an effort to boost account security.

Google handles suspicious logins in a similar way: it has a back-end behavioural analysis system for Gmail that identifies doubtful login attempts and can also flag account takeover attempts from state-sponsored attackers.

This move comes in response to users who reuse the same password across multiple sites: if one site is compromised by an attacker, the stolen passwords could be used to access those users’ accounts on other sites, including Twitter.

So, to protect users' accounts in this scenario, Twitter built a new system that analyzes login attempts to accounts by looking at information such as location, device used and login history and identifies suspicious behaviour.

“If we identify a login attempt as suspicious, we’ll ask you a simple question about your account – something that only you know – to verify that your account is secure before granting access,” Mollie Vandor, a product manager at Twitter wrote in a blog post. “We’ll also send you an email to let you know that we've detected unusual activity so you can update your password if need be.”

Twitter said it has also made it easier to reset a lost password on your iOS and Android devices and that it has also added some customized tips to help users strengthen account security in the future.

"Since mid-January, we have been protecting your emails from Twitter using TLS in the form of StartTLS. StartTLS encrypts emails as they transit between sender and receiver and is designed to prevent snooping. It also ensures that emails you receive from Twitter haven’t been read by other parties on the way to your inbox if your email provider supports TLS."

"These email security protocols are part of our commitment to continuous improvement in privacy protections and complement improvements like our securing of web traffic with forward secrecy and always-on HTTPS." said Josh Aberant, Postmaster at Twitter.

SSL/TLS and STARTTLS are equally secure; the only difference is that SSL/TLS is plain communication over an encrypted channel while STARTTLS is encrypted communication over a plain channel, which provides end-to-end encryption of emails and prevents Man-in-the-middle attacks, which are highly effective and quite difficult to detect.

TLS encryption only works if both the sender and receiver of emails support it, and Twitter admires Gmail and AOL Mail, who are already supporting TLS encryption and encouraging other services to enable it. "Together, we can protect the privacy of every user," he said.

Pop singer Justin Bieber's Twitter account was hacked for around 15 minutes before it was corrected! The compromised account has 50.2 Million followers, making it the Twitter account with the second-most followers.

Spammers tweeted in Indonesian from his hacked account with links to a malicious Twitter app named "ShootingStarPro", and messages reading “Justin Bieber Cemberut?”, which means "Justin Bieber sullen?"

It seems that Justin's Twitter account was hijacked by an Indonesian hacker with a malicious Twitter app that further tweeted links to a malicious website, rumahfollowers[dot]tk, that hosted the "ShootingStarPro" app, aiming to target his millions of followers in one shot.

Justin's team quickly responded to the issue, deleted the bogus tweets and told fans, "All good now. We handled it." He also warned his followers, "That link from earlier. Don’t click it. Virus. Going to erase this now. Spread the word. Thanks."

Probably thousands of followers might have clicked on those links. If you have also clicked such link or authorized a malicious application for your twitter account, then you should change your password immediately. As always, we recommend selecting a strong password that is unique to each website.

Review the applications you have granted access to your Twitter account and revoke access for all suspicious apps to make sure the scammers can’t abuse your account.

After this incident, the "#JustinsPasswordIsProbably" hashtag is trending across the globe.

Forbes is the latest victim in a long line of high-profile attacks by the Syrian Electronic Army (SEA), sending a reminder to the international community that cyber warfare is alive and well.

The pro-Assad group also took responsibility for hacking multiple Forbes websites and hijacked three Twitter accounts related to the website.

According to the screenshots published by the team, it appears the hackers gained the access to the Wordpress administration panel of Forbes website and edited several articles posted earlier on Forbes by authors Travis Bradberry, Matthew Herper, Andy Greenberg, John Dobosz, Steve Forbes and titled then as "Hacked by Syrian Electronic Army".

The Syrian Electronic Army said it attacked Forbes because, "Many articles against the SEA were posted on Forbes, also their hate for Syria is very clear and flagrant in their articles."

The Syrian Electronic Army group is notorious for hacking Western media. They have targeted media sites, including the New York Times, the Washington Post, the Financial Times, the AP, The Guardian, and Twitter over the past year.

The Syrian Electronic Army (SEA), a well-known pro-Syrian hacker group aligned with President Bashar al-Assad, has successfully attacked The New York Times, Huffington Post, Twitter, BBC, National Public Radio, Al-Jazeera, Microsoft, Xbox, and Skype, and has been responsible for cyber-attacks against various other U.S. media companies in the past.

Last evening, the group claimed responsibility for hacking another big media outlet, CNN, compromising its Twitter and Facebook accounts and its website.

CNN’s Twitter profile, with 11.6 million followers, saw a number of fake tweets from the hackers, including allegations that the Central Intelligence Agency (CIA) is behind the Al-Qaida network.

The hackers tweeted, "Tonight, the #SEA decided to retaliate against #CNN's viciously lying reporting aimed at prolonging the suffering in #Syria."

"Obama Bin Laden the lord of terror is brewing lies that the Syrian state controls Al Qaeda."

They also hacked into CNN's "Security Clearance" blog, and posted a new fake article, titled "US declares a state of national emergency, State Department reportedly out of reach."

Within 5 minutes, CNN took back control and deleted all the fake content. CNN confirmed that some of its social media accounts were compromised via a third-party social publishing platform. "We have secured those accounts and are working to remedy the issue," they said.

It could be the worst day ever for Microsoft's patch management and incident response team. The pro-Syrian hacker group 'Syrian Electronic Army' has successfully compromised the official Twitter accounts of Microsoft News (@MSFTNews) and Xbox Support.

They also defaced Microsoft's TechNet blog (blogs.technet.com) and posted a defacement note on the blog. Microsoft says the situation is under control and no customer data was compromised.

It seems that the hackers have further internal access to Microsoft's mail system, as they shared screenshots of internal communications between Microsoft’s public relations team and Steve Clayton, the manager in charge of Microsoft’s corporate media platforms.

Last week, the SEA hacked Skype's blog and official Twitter page to spread a message about NSA spying, "Hacked by Syrian Electronic Army.. Stop Spying!", and today we have seen similar tweets from Microsoft's News account.

The hacked tweets were visible on Microsoft's Twitter account for at least an hour, but have since been deleted. For the time being, the blog is also down for maintenance.

Stay tuned to The Hacker News for information about the hack; we will update shortly.

Twitter continues to implement new security features. But really, who thinks social media will ever be unhackable? The official Twitter account of Saudi Aramco, the world's biggest oil producer, has been hacked by a hacker named 'Mister Rero'.

The hacker has changed the background and the name on Saudi Aramco’s official Twitter page. So far, the hacker has posted no tweets.

In August last year, about 30,000 workstations inside Saudi Aramco's internal computer networks were infected by a virus. Last month, Burger King’s and Jeep’s official Twitter accounts were compromised.

Phishing is most commonly perpetrated through the mass distribution of e-mail messages directing users to a fraudulent website or service. These professional criminals find new ways every day to commit old crimes, treating cyber crime like a business and forming global criminal communities. GFI has reported the latest such scam, in which cyber criminals offer to teach the art of hacking Twitter accounts with a web-based exploit.

Phishers are sending scam emails offering a fake Twitter account hacking service, which in reality hacks the recipients' own Twitter accounts.
The phishers' emails read, “Do you want to learn how to hack twitter? Are you looking for a way to hack your friends twitter account without them finding out? Interested in finding out ways to hack someone’s profile? Maybe you want to take a quick peek at their direct message inbox, steal their username or find a glitch to use a hacking script.”

The phishers try to convince readers by showing exploit code and explaining exactly how the hack will be performed. In reality, the phisher is tricking the user by asking for the values of the parameters used in the exploit, such as the victim's username, your Twitter username, and your Twitter password (in order to show authenticity).

Once readers agree to use the service, the phishers ask them to email the above information to the site owner, with fake code waffle as the subject line so “the database knows how to read it in programming language.”

Users have to be very careful and protect themselves from these threats by using appropriate security software and being aware of the tricks used by cyber criminals. In reality, there is no exploit or method that can hack anyone's Twitter account with just one click. If there were, then our... @TheHackersNews is open for you!

LulzSec Peru hacked the official Twitter account (@partidopsuv) of the United Socialist Party of Venezuela (PSUV) on Thursday evening. The hackers started tweeting from the hacked account, “No to communism. Corrupt Chavez get out.”

In a blog post, the party announced that its Twitter account was compromised, saying, "Unfortunately this type of attacks, which are part of the fourth generation war that we face today, promoted by the fascist right."

The party has now recovered the account credentials, but the tweets posted by the hackers are still online. The Pastebin link posted by the hackers contains more email and document dumps.

The growing popularity of microblogging sites like Twitter has sparked a corresponding rise in social networking scams. If you receive an email or direct message (DM) on Twitter with the text “Hello, You have been selected to be the Twitter user for the month! We've got a reward for you text this word ITweet to the following number 6 8 3 9 8”, don't bother replying to it.

Mary C. Long noticed this scam and wrote a quick warning on her blog. Those who send messages to the number provided by the scammers are actually handing over their phone numbers to the crooks. They can use the information for smishing attacks and all sorts of other malicious plots, Eduard Kovacs from Softpedia explains.

Here is a short list of the most common Twitter and Facebook scam messages. If any of these phishing schemes sounds familiar, ignore the message.

i got mine yesterday

you even see them taping u him

what on earth you’re doing on this movie

O M G your in this

what on earth could you be doing in our vid

what are you doing in this viddeoo

rofl they was taping you

u didn’t seee them tapping u

how did you not see them taping u

lol they taped your

whatt are you doing in this fb vid ?

If you get a phishing DM on Twitter, report the issue directly to the Twitter team.

The official Twitter account of the rock band 'Garbage' has been compromised, and the hacker is posting spam tweets and links using adf.ly, a URL shortener service that pays per click. The hacked Twitter account has around 55,563 followers.

A hacker could also post malicious links, but in this case the purpose is not to infect others; instead, the hacker wants to make some money by spreading links. He even mentioned this in a tweet: “All you people saying I'm dumb. I've made over 19 dollars by spamming ad.fly links. I hack twitters and spam them great money.”

How the hacker got access to the Twitter account is not yet clear. It may have been phishing, social engineering, or a password guess, but once again readers should learn the importance of a strong password.

Yesterday we posted another exclusive report on how 15000 WordPress blogs were hacked and how the hacker is making money from a referral system by posting spam articles on each blog.